As your dedicated cybersecurity services provider, CyberOne equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 12, 2026
Information security updates and events from the past week
1.The attack group Handala has announced that it has carried out a wide-ranging attack against Stryker, one of the world’s largest medical technology companies.
Stryker is an American medical technology company founded in 1941.
Headquartered in Michigan, the company employs more than 50,000 people and operates in over 100 countries. The company provides advanced medical equipment to hospitals, operating rooms and medical centers around the world.
According to the announcement, more than 200,000 systems have been “compromised”.
The attacker claims to have deleted 12 petabytes of data, or about 12,000 terabytes.
Photos have been released that the group claims document the attack.
Stryker is no longer a regular commercial company.
Its equipment is in hospitals, operating rooms and medical facilities all over the world.
Any real damage to such an organization could have a very wide operational, business and image impact.
2.Payload Group claims to have hacked Royal Bahrain Hospital, with 110GB of data stolen, according to the report.
The group posted the hospital on its leaked website and threatened to publish the information if a ransom is not paid by March 23.
Royal Bahrain Hospital is a private hospital that has been operating since 2011 and provides inpatient, surgical, maternity, diagnostic and treatment services.
3.Nasir Group claims to have hacked CC Energy Development in Oman
According to the report, 827GB of sensitive and classified information was obtained.
The group claims that the company supplies oil to Western entities, including targets linked to Israel and the US. CC Energy Development is an energy company operating in the exploration, development and production of oil and gas in the Sultanate of Oman.
4.Chinese electric vehicle charger manufacturer ELECQ has revealed that it has fallen victim to a ransomware attack that affected its cloud infrastructure on Amazon Web Services.
The attackers were able to access cloud databases and steal customer information including names, addresses, emails, and phone numbers. The company emphasized that financial data, payment details and the charging systems themselves were not compromised, and the breach focuses on personal information of users
5.Verizon’s main reseller, exposed details of millions of customers
A significant information security incident in the US, Russell Cellular, which operates over 750 branches as an authorized reseller of Verizon, experienced a massive data leak.
The incident was revealed after it was discovered that a company database, containing approximately 61GB of sensitive information was left open with public access without sufficient password protection or encryption, the leaked data includes over 6.3 million customer records. The information is not limited to names and contact details, but also includes technical details about their mobile devices, account data and internal company business information.
6.Several major cyber updates around the world:
- Transport for London (TfL) updates that the 2024 hack affected a database of 7+ million customers (Not “5,000”). The first 5,000 were given emergency treatment because there was an indication that refund/bank account details could also be given.
- Cognizant TriZetto confirms a medical data leak of 3.4 million people, a portal related to insurance eligibility checks. For some of the victims, this also includes SSN/medical identifiers.
- Loblaw (Canada) reports a “basic” leak of customer information: name, email and phone. The company claims that passwords/health information/credit cards were not compromised.
- Companies House (UK) took down its Web Filing service for the weekend after a bug allowed logged-in users to see (and possibly change) unpublished details of other companies including date of birth, residential address and emails.
- The FBI has launched an investigation and is asking affected gamers to contact it after Steam games containing malware were discovered (window Time: May 2024–January 2026) with an emphasis on crypto theft and account takeover.
- In Luxembourg / Amazon, a Luxembourg court overturned the huge GDPR fine (€746 million) and returned the case to the regulator, mainly because of questions about how the penalty was calculated/reasoned, not necessarily because “there was no problem.”
- The European Union announced sanctions against elements from China and Iran who are linked to offensive activity against EU countries (including allegations of widespread damage to devices and infrastructure), with an asset freeze + a ban on money transfers + movement restrictions.
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. CyberOne is here to help! Check out our services.
